The OS structure

A hierarchical organization

Operating systems are intricate software systems that often consist of millions of lines of code. To handle this complexity, developers use abstraction and virtualization to break down the system into smaller, more manageable components with well-defined interfaces.

The core of an operating system is the kernel, which provides essential services for managing system resources (CPU, Main memory, etc.), creating and managing computational units (processes or threads), and enabling communication between different system activities.

To ensure security, CPUs have two instruction sets: privileged and non-privileged. Privileged instructions can access I/O devices and the CPU’s internal state, while non-privileged instructions cannot. Only the kernel is allowed to execute privileged instructions.

To prevent unauthorized use of privileged instructions, CPUs operate in two modes: kernel mode and user mode. In kernel mode, both privileged and non-privileged instructions can be executed. In user mode, only non-privileged instructions can be used. If a user-mode program tries to execute a privileged instruction, the CPU automatically switches to kernel mode.

The kernel’s functionality is extended by libraries, which provide higher-level system functions using kernel services. Additional libraries offer various services to users by abstracting system calls. Applications and system software, like editors, compilers, and interpreters, form the top layer of software. Depending on their needs, these applications may use library services, issue system calls, or directly invoke kernel services.

Flow of user mode and kernel mode instructions from user

Privileged vs. Non-Privileged Instructions

Privileged instructions are those that can directly access and modify hardware resources or control the CPU’s operating mode. This is to protect the system’s integrity and prevent unauthorized access. Non-privileged instructions are limited to operations that do not pose a security risk.

Examples of privileged instructions:

• I/O operations: Directly reading from or writing to hardware devices (e.g., disk drives, network interfaces).
• Memory management: Allocating, deallocating, or mapping physical memory.
• Process management: Creating, terminating, or switching between processes.
• Interrupts: Enabling or disabling interrupts, handling interrupt requests.
• CPU mode switching: Switching between kernel and user mode.
• System calls: Invoking kernel services from user space.

Examples of non-privileged instructions:

• Arithmetic operations: Addition, subtraction, multiplication, division.
• Data movement: Loading, storing, and moving data between registers and memory.
• Logical operations: AND, OR, NOT, XOR.
• Control flow: Branching, looping, and conditional execution.

Essentially, privileged instructions allow the kernel to control the hardware and system resources, while non-privileged instructions are limited to operations that do not pose a security risk.

System calls and supervisor calls

A system call is a request from an application for an operating system service. It’s implemented as a library function that prepares the necessary parameters and triggers a supervisor call.

A supervisor call, or kernel call, is a privileged instruction that automatically transfers control to a specific location within the operating system’s kernel. This provides the interface between the kernel and higher-level software.

Supervisor calls resemble function calls but have two key differences:

• Mode Switching: They switch the CPU from user mode to kernel mode.
• Indirect Function Calls: The function to be invoked is specified indirectly using an index into a branch vector, preventing arbitrary jumps within the kernel.

When the kernel function finishes, control returns to the library function in user mode. The library function then returns control to the application. Depending on the service, the return might be immediate or delayed while the system waits for an event (like keyboard input).

Interrupts and traps

An interrupt, or external interrupt is an event that diverts a program’s execution to a specific location in the kernel to handle an event. This event is triggered by a hardware signal sent to the CPU by an external device.

• I/O completion: Signaling the OS when an I/O operation is finished.
• Time-sharing: Periodically switching between multiple concurrent computations.

A trap, or internal interrupt, is triggered by the current instruction. Errors like division by zero or invalid opcodes cause traps, leading the OS to terminate the program. Supervisor calls also trigger traps to transfer control to the kernel for service requests.

Both external and internal interrupts pause the current program, save its state, and transfer control to the kernel. An interrupt handler, a kernel function, determines the interrupt’s cause and invokes the appropriate kernel function. After the service is complete, the interrupted program’s state is restored, and execution resumes. This process is transparent to the program and ensures immediate responses to asynchronous events.

In conclusion, an operating system’s hierarchical structure, with the kernel at its core, manages system resources and controls privileged instructions for security. System calls enable user applications to access kernel services, while interrupts and traps handle events and errors efficiently. This design ensures secure and efficient system operations while managing complexity.